End-of-Shift report
Timeframe: Wednesday 27-05-2015 18:00 − Thursday 28-05-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
Multiple vulnerabilities in Cisco products
http://tools.cisco.com/security/center/viewAlert.x?alertId=39012
http://tools.cisco.com/security/center/viewAlert.x?alertId=39013
http://tools.cisco.com/security/center/viewAlert.x?alertId=39015
http://tools.cisco.com/security/center/viewAlert.x?alertId=38349
http://tools.cisco.com/security/center/viewAlert.x?alertId=39041
http://tools.cisco.com/security/center/viewAlert.x?alertId=39042
Microsoft to Detect Search Protection Code as Malware
Microsoft security products will begin detecting software containing search protection functions and classifying it as malicious on June 1.
http://threatpost.com/microsoft-to-detect-search-protection-code-as-malware/113027
ZDI-15-246: (0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-246/
ZDI-15-245: (0Day) Wavelink Emulation License Server LicenseServer.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation License Server. User interaction is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-245/
Ransomware threat Locker has sleeper component
KnowBe4 is alerting IT managers to be vigilant of a new ransomware threat that leverages a sleeper function.
http://www.scmagazine.com/alert-warns-it-managers-of-locker-ransomware/article/416995
Apple iOS Notification Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032408
Angler exploit kit pushing CryptoWall 3.0, (Thu, May 28th)
In the past two days, I've infected two hosts from Angler exploit kit (EK) domains at 216.245.213.0/24. Both hosts were infected with CryptoWall 3.0 ransomware using the same bitcoin address for the ransom payment: 16Z6sidfLrfNoxJNu4qM5zhRttJEUD3XoB On Tuesday, 2015-05-26 at 15:17 UTC, ..
https://isc.sans.edu/diary.html?storyid=19737
APPLE-SA-2015-05-27-1 OS X: Flash Player plug-in blocked
http://prod.lists.apple.com/archives/security-announce/2015/May/msg00002.html
Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities
Multiple vulnerabilities in OpenSSL versions before 1.0.1m and 0.9.8zf (SPL-98351). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on ..
http://www.splunk.com/view/SP-CAAAN4P
Grabit and the RATs
Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations' servers. The malware calls itself Grabit.
http://securelist.com/blog/research/70087/grabit-and-the-rats/
Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android Apps
We've discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the ..
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/
SAP HANA Log Injection
Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be ..
http://cxsecurity.com/issue/WLB-2015050172
SAP HANA Information Disclosure
Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which is restricted. This could be used to gain access ..
http://cxsecurity.com/issue/WLB-2015050171
SOPHOS WAF JSON Filter Bypass
Topic: SOPHOS WAF JSON Filter Bypass. Risk: Low. Text: SECURITYLABS INTELLIGENT RESEARCH - SECURITY ADVISORY, http://www.securitylabs.com.br/ ADVISORY/0115 - SOPHOS WAF (WEBSERV...
http://cxsecurity.com/issue/WLB-2015050169
Phishers register domain names, hammer traditional targets
The number of domain names used for phishing reached an all-time high, according to a new report by the Anti-Phishing Working Group (APWG). Many of these were registered by ..
http://www.net-security.org/secworld.php?id=18429
Crash notification for iOS devices: Apple promises a bug fix
Apple intends to fix the 'Unicode of Death' bug, which crashes iPhone and iPad with a specific character sequence, in a software update - the problem affects far more than just iMessage.
http://heise.de/-2669432
Oracle PeopleSoft admin credentials open to hackers
SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle ..
http://securityaffairs.co/wordpress/37270/hacking/oracle-peoplesoft-vulnerabilities.html
Bugtraq: [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices
http://www.securityfocus.com/archive/1/535626
IDS, IPS and UTM - What's the Difference?
In our last webcast, we learned about lingering and general confusion over these crazy acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, ..
https://www.alienvault.com/blogs/security-essentials/ids-ips-and-utm-whats-the-difference